Items Tagged with "Penetration Testing"

I mentioned recently that we would take a closer look at Metasploitable 2.0, the purposefully vulnerable Linux virtual machine used for learning security tactics and techniques. In this intro, we will quickly cover obtaining Metasploitable 2.0 and scanning it for open ports and services...

The T.J. Maxx data breach was due to insecure wireless connectivity. Estimates of the costs for this security fiasco are a staggering $4.5 billion. Had the staff at T.J. Maxx had this book at hand and used it, they may have been able to save themselves a significant amount of money...

One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...

July 31, 2012

The "Power Grid" is a growing topic in the security industry and Advanced Metering Infrastructure (AMI) is a topic that hasn't been discussed to its full potential. Spencer's presentation discussed the types of vulnerabilities found in Smart Meters, and gave examples from real world assessments he conducted...

July 30, 2012

Dave Porcello, Founder and CEO of Pwnie Express discusses the recently released Power Pwn, a fully-integrated enterprise-class penetration testing platform, covering the entire spectrum of a full-scale pentesting engagement, from the physical-layer to the application-layer...

The bottom line: Attackers are always looking for mistakes, outliers, and inconsistencies so they can use them against you. This means your security programs need to be robust, resilient, measurable, and – as much as possible – consistent (vs. ad hoc)...

Penetration Testing / Red Teaming requires the use of a lot of tools. I don't mind getting called a "script kiddie" because I can accomplish more and faster when I don't have to code every single task I need to do. This post is to point out companies that make this possible and give a small bit of thanks...

Network analysis has never been easier. Power Pwn, which looks like a surge protector, can be controled remotely via Wi-Fi, Bluetooth, and Ethernet as it searches for network weaknesses. It’s fully manageable via a Web interface accessible through the unit's 3G radio or directly to the device via text message...

It's real simple, first we've gotta add the GetTcpTable function to Railgun, then gauge the size of the table, then it's all just parsing the result. Also pretty straight forward. First we get the number of entries which is held in the first 4 bytes, then just parse the MIB_TCPTABLE one MIB_TCPROW...

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...

I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...

Sometimes the wrong people get the code and use it maliciously. It is in the nation’s best interest to keep the power infrastructure safe and keep meters fool proof, but it depends on how effective a tool is to be able to effectively manipulate the technology to an individual’s own financial advantage...

Since October, 2010, Shodan has consistently made waves in the information security world. Like any security tool, Shodan can be leveraged by both malicious attackers and legitimate security operations to gain insights into the public IP exposure of an organization. Now enters the Shodan App...

"We provide free specialized access to skills and services that are not readily available or are in high demand across the dot-gov to promote a healthy and resilient cyber infrastructure. That's the goal to do risk-based analysis and gap analysis of capabilities and drive improvements..."

One of the powers of Metasploit is its ability to stay memory resident through the use of reflective DLL injection, even keeping new functionalities the attack loads from ever touching disk. I want get to that same level with Mimikatz. Here is my first step to that end: A Railgun based Meterpreter script...